Risk Score: 96 (MALICIOUS)
Malware Insights

MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'infrive.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to a 'game booster pro apk'. No scripts were extracted, but the presence of external URIs and the nature of the detection indicate a phishing or malware delivery attempt.
Machine Learning:
- Nyx PDF Classifier malicious score 0.9983

Heuristics (4):
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]. ClamAV detected this file as malware.
- External URI [info, PDF_URI]. PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://infrive.ru/pbw?utm_term=your+game+booster+pro+apk (PDF link annotation)
Extracted artifacts (4)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ed57.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED57 | 5000 bytes | f9706b02e41f8c4c1e52adf03302c2ae065ae7f85597df5980afde98b5869ea2 |
| font_01_sfnt_off0000fe5e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE5E | 11472 bytes | 9e2281c5adbcfca2ca6768e4e5b1b9ef227164025e98bc0385caf311082a01f1 |
| font_02_sfnt_off0001251f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1251F | 16092 bytes | 9af6fc3bf9d751f70540aea0fa47faa159a3604992cda23d2adcda3ffc5346b2 |
| font_03_sfnt_off000139e6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x139E6 | 4324 bytes | d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |